Confessions of the QSA: An Introduction to the Payment Card Industry Data Security Standard

 

As most in the industry know, a QSA must be certified by the PCI Security Standards Council to audit merchants for Payment Card Industry Data Security Standard (PCI DSS) compliance. Created in 2004 by major credit card brands, such as Visa and American Express, the council acts as a form of self-regulation.

So, how did Weaver become an expert on PCI, and what types of solutions does it offer its clients?

On this episode of Weaver: Beyond The Numbers, host Tyler Kern talked with Trip Hillman, Director of Cyber Security Services at Weaver, and Kyle Morris, Manager of IT Advisory Services at Weaver. The trio dug into insights from Weaver’s Quality Security Assessor and explored how Weaver dove headfirst into PCI.

The PCI DSS applies to organizations that store, process, transmit or could affect the security of cardholder data. Companies that fall under this standard have several options, such as completing an annual self-assessment questionnaire or bringing in a third-party, independent QSA to perform a full-blown report on compliance audit.

Morris is a QSA and started at Weaver about eight years ago. A few years into his career, the firm had a client, a service provider, that started getting asked by its customers if they knew anything about PCI and the report on compliance. At the time, they hadn’t done anything with it but decided to figure it out. That morphed into Weaver diving headfirst into PCI.

“We help people with self-assessment questionnaires or SAQs and everything from full-on ROCs for Fortune 50 Cloud Providers to small merchants to SaaS solutions,” Morris said.
